AWS Cognito Authentication with Escape¶

Description¶

The 'Cognito User Password' preset is designed for authentication using AWS Cognito with username and password credentials:

AWS Cognito Integration: Leverages AWS Cognito, a comprehensive user identity and data synchronization service, for authentication.
Regional Configuration: Allows specifying the AWS region where the Cognito service is hosted, ensuring proper routing and compliance with data residency requirements.
Client Credentials: Utilizes a client ID and client secret for secure OAuth requests within the Cognito framework.
User Authentication: Facilitates the creation and authentication of users with a username and password.

This preset is ideal for systems that use AWS Cognito for managing user authentication, providing a seamless integration with the AWS ecosystem.

Examples¶

presets:
-   type: cognito_userpass
    client_id: yourCognitoClientId
    client_secret: yourCognitoClientSecret
    region: us-west-1
    users:
    -   username: user1
        allow_failure: false
        main_user: false
        password: pass1
        scopes:
        - create
        - delete
    -   username: user2
        allow_failure: false
        main_user: false
        password: pass2

Extensive Configuration¶

Property	Type	Default	Description
`client_id` *	`string`		The client ID to use for the OAuth requests
`client_secret` *	`string`		The client secret to use for the OAuth requests
`region` *	AWSRegion		The region of the Cognito Service.
`type` *	`Const[cognito_userpass]`	`cognito_userpass`
`users` *	`List[`CognitoUserpassUserPreset`]`		A list of users to create

Objects¶

CognitoUserpassUserPreset¶

Property	Type	Default	Description
`allow_failure`	`boolean`	`false`	If false, authentication failure for this user will fail the scan. Ignored for the main user: failures for main user are always fatal.
`basic`	`string`	`null`	The basic to attach Reach the Login Page and attack to the HTTP requests sent for this user.
`cookies`	`Dict[string, string]`	`null`	Optional cookies injected during the authentication process and in authenticated requests.
`digest`	`string`	`null`	The digest to attach Reach the Login Page and attack to the HTTP requests sent for this user.
`headers`	`Dict[string, string]`	`null`	Optional headers injected during the authentication process and in authenticated requests.
`main_user`	`boolean`	`false`	When running a WebApp Testing scan, this indicates that the scanner must use this user when crawling. There must be only one main user per scan. If none is provided, a random user will be selected.
`password` *	`string`		The password of the user.
`query_parameters`	`Dict[string, string]`	`null`	Optional query parameters injected during the authentication process and in authenticated requests.
`role`	`string`	`null`	The role of the user (e.g., admin, user).
`scopes`	`List[string]`	`null`	A list of scopes to request for the user. If not specified, no scope will be requested.
`username` *	`string`		The username of the user.

Enums¶

AWSRegion¶

Value
`us-east-2`
`us-east-1`
`us-west-1`
`us-west-2`
`af-south-1`
`ap-east-1`
`ap-south-1`
`ap-northeast-3`
`ap-northeast-2`
`ap-southeast-1`
`ap-southeast-2`
`ap-northeast-1`
`ca-central-1`
`cn-north-1`
`cn-northwest-1`
`eu-central-1`
`eu-west-1`
`eu-west-2`
`eu-south-1`
`eu-west-3`
`eu-north-1`
`me-south-1`
`sa-east-1`